3 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/2c261f6401e9/ changeset: 2c261f6401e9 user: jgoecks date: 2012-10-23 17:01:31 summary: Update ChromosomeInteraction datatype metadata. affected #: 1 file
diff -r 06b3b644188a29b78e8400298c67472b5b6bd790 -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e lib/galaxy/datatypes/interval.py
--- a/lib/galaxy/datatypes/interval.py
+++ b/lib/galaxy/datatypes/interval.py
@@ -1313,15 +1313,18 @@ file_ext = "chrint" - column_names = [ 'Chrom', 'Start1', 'End1', 'Start2', 'End2', 'Value' ] + column_names = [ 'Chrom1', 'Start1', 'End1', 'Chrom2', 'Start2', 'End2', 'Value' ] """Add metadata elements""" - MetadataElement( name="chromCol", default=1, desc="Chrom column", param=metadata.ColumnParameter ) + MetadataElement( name="chrom1Col", default=1, desc="Chrom1 column", param=metadata.ColumnParameter ) MetadataElement( name="start1Col", default=2, desc="Start1 column", param=metadata.ColumnParameter ) MetadataElement( name="end1Col", default=3, desc="End1 column", param=metadata.ColumnParameter ) - MetadataElement( name="start2Col", default=2, desc="Start2 column", param=metadata.ColumnParameter ) - MetadataElement( name="end2Col", default=3, desc="End2 column", param=metadata.ColumnParameter ) - MetadataElement( name="columns", default=3, desc="Number of columns", readonly=True, visible=False ) + MetadataElement( name="chrom2Col", default=4, desc="Chrom2 column", param=metadata.ColumnParameter ) + MetadataElement( name="start2Col", default=5, desc="Start2 column", param=metadata.ColumnParameter ) + MetadataElement( name="end2Col", default=6, desc="End2 column", param=metadata.ColumnParameter ) + MetadataElement( name="valueCol", default=7, desc="Value column", param=metadata.ColumnParameter ) + + MetadataElement( name="columns", default=7, desc="Number of columns", readonly=True, visible=False ) def sniff( self, filename ): return False https://bitbucket.org/galaxy/galaxy-central/changeset/d79eb7e1d7cb/ changeset: d79eb7e1d7cb user: jgoecks date: 2012-10-23 17:06:27 summary: Circster: use chords to denote chromosome interactions data. affected #: 7 files diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/visualization/data_providers/genome.py --- a/lib/galaxy/visualization/data_providers/genome.py +++ b/lib/galaxy/visualization/data_providers/genome.py 
@@ -347,11 +347,18 @@ tabix = ctabix.Tabixfile(bgzip_fname, index_filename=self.converted_dataset.file_name) - # If chrom not in data, try alternative. - if chrom not in tabix.contigs: + # Get iterator using either naming scheme. + iterator = iter( [] ) + if chrom in tabix.contigs: + iterator = tabix.fetch(reference=chrom, start=start, end=end) + else: + # Try alternative naming scheme. chrom = _convert_between_ucsc_and_ensemble_naming( chrom ) - - return tabix.fetch(reference=chrom, start=start, end=end) + if chrom in tabix.contigs: + iterator = tabix.fetch(reference=chrom, start=start, end=end) + + return iterator + def write_data_to_file( self, regions, filename ): out = open( filename, "w" ) @@ -1457,11 +1464,11 @@ feature = line.split() length = len( feature ) - s1 = int( feature[1] ), - e1 = int( feature[2] ), - c = feature[3], - s2 = int( feature[4] ), - e2 = int( feature[5] ), + s1 = int( feature[1] ) + e1 = int( feature[2] ) + c = feature[3] + s2 = int( feature[4] ) + e2 = int( feature[5] ) v = float( feature[6] ) # Feature initialization. @@ -1480,7 +1487,7 @@ return 50000; class ChromatinInteractionsTabixDataProvider( TabixDataProvider, ChromatinInteractionsDataProvider ): - def get_iterator( self, chrom, start, end ): + def get_iterator( self, chrom, start=0, end=sys.maxint ): """ """ # Modify start as needed to get earlier interactions with start region. @@ -1493,7 +1500,7 @@ c = feature[3] s2 = int( feature[4] ) e2 = int( feature[5] ) - if ( ( c == chrom ) and ( s1 < end and e1 > start ) and ( s2 < end and e2 > start ) ): + if ( s1 <= end and e1 >= start ) and ( s2 <= end and e2 >= start ): yield line return filter( TabixDataProvider.get_iterator( self, chrom, start, end ) ) diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/web/base/controller.py --- a/lib/galaxy/web/base/controller.py +++ b/lib/galaxy/web/base/controller.py 
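Review bot: In the `@@ -1457` hunk `feature[1]` through `feature[6]` are indexed and converted straight after `line.split()` without consulting the `length` computed on the line above, so a dataset line with fewer than seven fields or a non-numeric coordinate raises `IndexError` or `ValueError` out of the provider. Dataset content is user-supplied, so one malformed row should not fail the whole request; a guard such as `if length < 7: continue` before the conversions, plus skipping rows where `int()`/`float()` raise `ValueError`, would contain it. The enclosing loop starts and ends outside the hunk, so the `continue` assumes the loop shape.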
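Review bot: With `c == chrom` dropped from the filter in the `@@ -1493` hunk, `s2` and `e2` are still compared against `start` and `end` even when the second anchor lies on a different chromosome `c`, so the window test mixes coordinates from two chromosomes whenever a caller passes a real window instead of the new defaults. If inter-chromosomal interactions are meant to pass, the second clause should only apply when `c == chrom`, e.g. `if ( s1 <= end and e1 >= start ) and ( c != chrom or ( s2 <= end and e2 >= start ) ):`. The new default `end=sys.maxint` in the `@@ -1480` hunk also needs `import sys` at module level, which this diff does not show being added. The nested filter function starts outside the hunk.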
@@ -602,7 +602,7 @@ return visualization - def _get_genome_data( self, trans, dataset, dbkey=None ): + def _get_genome_data( self, trans, dataset, dbkey=None, source='index' ): """ Returns genome-wide data for dataset if available; if not, message is returned. """ @@ -615,7 +615,7 @@ query_dbkey = dbkey chroms_info = self.app.genomes.chroms( trans, dbkey=query_dbkey ) - # If there are no messages (messages indicate data is not ready/available), preload data. + # If there are no messages (messages indicate data is not ready/available), get data. messages_list = [ data_source_dict[ 'message' ] for data_source_dict in data_sources.values() ] message = get_highest_priority_msg( messages_list ) if message: @@ -623,7 +623,7 @@ else: data_provider = trans.app.data_provider_registry.get_data_provider( trans, original_dataset=dataset, - source='index' ) + source=source ) # HACK: pass in additional params, which are only used for summary tree data, not BBI data. rval = data_provider.get_genome_data( chroms_info, level=4, detail_cutoff=0, draw_cutoff=0 ) diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/webapps/galaxy/controllers/visualization.py --- a/lib/galaxy/webapps/galaxy/controllers/visualization.py +++ b/lib/galaxy/webapps/galaxy/controllers/visualization.py @@ -8,6 +8,7 @@ from galaxy.visualization.genomes import decode_dbkey from galaxy.visualization.genome.visual_analytics import get_dataset_job from galaxy.visualization.data_providers.phyloviz import PhylovizDataProvider +from galaxy.datatypes.interval import ChromatinInteractions from .library import LibraryListGrid 
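Review bot: The new `source` parameter of `_get_genome_data` is forwarded unchanged to `get_data_provider`, but the docstring still describes only the return value. I would extend it with a line such as `source selects the data provider; callers in this changeset pass 'index' (the default) or 'data'.` so the accepted values are recorded where the parameter is declared. The function body continues outside the three hunks shown for this file.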
@@ -748,11 +749,16 @@ chroms_info = self.app.genomes.chroms( trans, dbkey=dbkey ) genome = { 'dbkey': dbkey, 'chroms_info': chroms_info } - # Add genome-wide summary tree data to each track in viz. + # Add genome-wide data to each track in viz. tracks = viz_config.get( 'tracks', [] ) for track in tracks: dataset = self.get_hda_or_ldda( trans, track[ 'hda_ldda'], track[ 'dataset_id' ] ) - genome_data = self._get_genome_data( trans, dataset, dbkey ) + # HACK: chromatin interactions tracks use data as source. + source = 'index' + if isinstance( dataset.datatype, ChromatinInteractions ): + source = 'data' + + genome_data = self._get_genome_data( trans, dataset, dbkey, source=source ) if not isinstance( genome_data, str ): track[ 'preloaded_data' ] = genome_data diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/circster.js --- a/static/scripts/viz/circster.js +++ b/static/scripts/viz/circster.js 
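Review bot: The result of `_get_genome_data` is classified with `isinstance( genome_data, str )`, which under Python 2 does not match a `unicode` message, so such a message would be stored in `track[ 'preloaded_data' ]` as if it were data. Whether the messages returned on the new `source='data'` path can be `unicode` is not visible here, but `if not isinstance( genome_data, basestring ):` covers both cases at no cost. The enclosing method starts and ends outside the hunk.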
@@ -48,23 +48,46 @@ this.track_gap = 5; this.label_arc_height = 20; this.scale = 1; - this.track_views = null; + this.circular_views = null; + this.chords_views = null; // When tracks added to/removed from model, update view. this.model.get('tracks').on('add', this.add_track, this); this.model.get('tracks').on('remove', this.remove_track, this); + this.get_circular_tracks(); + }, + + // HACKs: using track_type for circular/chord distinction in the functions below for now. + + /** + * Returns tracks to be rendered using circular view. + */ + get_circular_tracks: function() { + return this.model.get('tracks').filter(function(track) { + return track.get('track_type') !== 'DiagonalHeatmapTrack'; + }); + }, + + /** + * Returns tracks to be rendered using chords view. + */ + get_chord_tracks: function() { + return this.model.get('tracks').filter(function(track) { + return track.get('track_type') === 'DiagonalHeatmapTrack'; + }); }, /** * Returns a list of tracks' radius bounds. */ get_tracks_bounds: function() { - var dataset_arc_height = this.dataset_arc_height, + var circular_tracks = this.get_circular_tracks(); + dataset_arc_height = this.dataset_arc_height, min_dimension = Math.min(this.$el.width(), this.$el.height()), // Compute radius start based on model, will be centered // and fit entirely inside element by default. radius_start = min_dimension / 2 - - this.model.get('tracks').length * (this.dataset_arc_height + this.track_gap) - + circular_tracks.length * (this.dataset_arc_height + this.track_gap) - (this.label_arc_height + this.track_gap), // Compute range of track starting radii. 
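Review bot: In `get_tracks_bounds` the added line `var circular_tracks = this.get_circular_tracks();` ends with a semicolon, so the following `dataset_arc_height = ...`, `min_dimension = ...` and `radius_start = ...` are no longer part of the `var` list and become assignments to implicit globals. Ending the line with a comma, `var circular_tracks = this.get_circular_tracks(),`, keeps them local. The bare `this.get_circular_tracks();` call added just before the closing `},` of the preceding function discards its result and can be dropped. `get_tracks_bounds` continues past the end of the hunk.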
@@ -77,12 +100,16 @@ }); }, + /** + * Renders circular tracks, chord tracks, and label tracks. + */ render: function() { var self = this, dataset_arc_height = this.dataset_arc_height, width = self.$el.width(), height = self.$el.height(), - tracks = this.model.get('tracks'), + circular_tracks = this.get_circular_tracks(), + chords_tracks = this.get_chord_tracks(), tracks_bounds = this.get_tracks_bounds(), // Set up SVG element. @@ -108,7 +135,7 @@ } self.zoom_drag_timeout = setTimeout(function() { // Render more detail in tracks' visible elements. - _.each(self.track_views, function(view) { + _.each(self.circular_views, function(view) { view.update_scale(scale); }); }, 400); 
@@ -117,32 +144,46 @@ .attr("transform", "translate(" + width / 2 + "," + height / 2 + ")") .append('svg:g').attr('class', 'tracks'); - - // -- Render each dataset in the visualization. -- + // -- Render circular tracks. -- // Create a view for each track in the visualiation and render. - this.track_views = tracks.map(function(track, index) { - track_view_class = (track.get('track_type') === 'LineTrack' ? + this.circular_views = circular_tracks.map(function(track, index) { + var track_view_class = (track.get('track_type') === 'LineTrack' ? CircsterBigWigTrackView : - CircsterSummaryTreeTrackView ); + CircsterSummaryTreeTrackView ), + view = new track_view_class({ + el: svg.append('g')[0], + track: track, + radius_bounds: tracks_bounds[index], + genome: self.genome, + total_gap: self.total_gap + }); - return new track_view_class({ + view.render(); + + return view; + }); + + // -- Render chords tracks. -- + + this.chords_views = chords_tracks.map(function(track) { + var view = new CircsterChromInteractionsTrackView({ el: svg.append('g')[0], track: track, - radius_bounds: tracks_bounds[index], + radius_bounds: tracks_bounds[0], genome: self.genome, total_gap: self.total_gap }); + + view.render(); + + return view; }); - _.each(this.track_views, function(view) { - view.render(); - }); - - // -- Render chromosome labels. -- + // -- Render label tracks. -- // Set radius start = end for track bounds. - var track_bounds = tracks_bounds[tracks.length]; + var track_bounds = tracks_bounds[circular_tracks.length]; track_bounds[1] = track_bounds[0]; this.label_track_view = new CircsterLabelTrackView({ el: svg.append('g')[0], 
@@ -161,13 +202,12 @@ add_track: function(new_track) { // Recompute and update track bounds. var new_track_bounds = this.get_tracks_bounds(); - _.each(this.track_views, function(track_view, i) { - //console.log(self.get_tracks_bounds(), i); + _.each(this.circular_views, function(track_view, i) { track_view.update_radius_bounds(new_track_bounds[i]); }); // Render new track. - var track_index = this.track_views.length, + var track_index = this.circular_views.length, track_view_class = (new_track.get('track_type') === 'LineTrack' ? CircsterBigWigTrackView : CircsterSummaryTreeTrackView ), @@ -179,7 +219,7 @@ total_gap: this.total_gap }); track_view.render(); - this.track_views.push(track_view); + this.circular_views.push(track_view); // Update label track. var track_bounds = new_track_bounds[ new_track_bounds.length-1 ]; @@ -192,14 +232,13 @@ */ remove_track: function(track, tracks, options) { // -- Remove track from view. -- - var track_view = this.track_views[options.index]; - this.track_views.splice(options.index, 1); + var track_view = this.circular_views[options.index]; + this.circular_views.splice(options.index, 1); track_view.$el.remove(); // Recompute and update track bounds. var new_track_bounds = this.get_tracks_bounds(); - _.each(this.track_views, function(track_view, i) { - //console.log(self.get_tracks_bounds(), i); + _.each(this.circular_views, function(track_view, i) { track_view.update_radius_bounds(new_track_bounds[i]); }); } @@ -581,7 +620,7 @@ }); /** - * Bigwig track view in Circster + * Bigwig track view in Circster. */ var CircsterBigWigTrackView = CircsterQuantitativeTrackView.extend({ 
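Review bot: `remove_track` indexes `this.circular_views` with `options.index`, which appears to be the track's position in the model's full `tracks` collection, while `circular_views` now holds only the non-chord tracks. Once a `DiagonalHeatmapTrack` is in the model the indices no longer line up, so the wrong view can be removed, or `track_view` is undefined and `track_view.$el` throws. Looking the view up by its track avoids the index, e.g. `var track_view = _.find(this.circular_views, function(v) { return v.track === track; });` followed by `this.circular_views = _.without(this.circular_views, track_view);`. `add_track` in the `@@ -161` hunk has the matching gap: it always builds a circular view and never adds to `chords_views`.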
@@ -604,6 +643,74 @@ } }); +/** + * Chromosome interactions track view in Circster. + */ +var CircsterChromInteractionsTrackView = CircsterTrackView.extend({ + + render: function() { + var self = this; + + // When data is ready, render track. + $.when(self.track.get('data_manager').data_is_ready()).then(function() { + // Convert genome-wide data in chord data. + $.when(self.track.get('data_manager').get_genome_wide_data(self.genome)).then(function(genome_wide_data) { + var chord_data = [], + chroms_info = self.genome.get_chroms_info(); + // Convert chromosome data into chord data. + _.each(genome_wide_data, function(chrom_data, index) { + // Map each interaction into chord data. + var cur_chrom = chroms_info[index].chrom; + var chrom_chord_data = _.map(chrom_data.data, function(datum) { + // Each datum is an interaction/chord. + var source_angle = self._get_region_angle(cur_chrom, datum[1]), + target_angle = self._get_region_angle(datum[3], datum[4]); + return { + source: { + startAngle: source_angle, + endAngle: source_angle + 0.01 + }, + target: { + startAngle: target_angle, + endAngle: target_angle + 0.01 + } + }; + }); + + chord_data = chord_data.concat(chrom_chord_data); + }); + + self.parent_elt.append("g") + .attr("class", "chord") + .selectAll("path") + .data(chord_data) + .enter().append("path") + .style("fill", '000') + .attr("d", d3.svg.chord().radius(self.radius_bounds[0])) + .style("opacity", 1); + }); + }); + }, + + /** + * Returns radians for a genomic position. + */ + _get_region_angle: function(chrom, position) { + // Find chrom angle data + var chrom_angle_data = _.find(this.chroms_layout, function(chrom_layout) { + return chrom_layout.data.chrom === chrom; + }); + + // Return angle at position. + return chrom_angle_data.endAngle - + ( + (chrom_angle_data.endAngle - chrom_angle_data.startAngle) * + (chrom_angle_data.data.len - position) / chrom_angle_data.data.len + ); + } + +}); + // Module exports. 
return { CircsterView: CircsterView diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/trackster/tracks.js --- a/static/scripts/viz/trackster/tracks.js +++ b/static/scripts/viz/trackster/tracks.js @@ -905,7 +905,7 @@ // Introduction div shown when there are no tracks. this.intro_div = $("<div/>").addClass("intro").appendTo(this.viewport_container).hide(); var add_tracks_button = $("<div/>").text("Add Datasets to Visualization").addClass("action-button").appendTo(this.intro_div).click(function () { - visualization.select_datasets(select_datasets_url, add_track_async_url, view.dbkey, function(tracks) { + visualization.select_datasets(select_datasets_url, add_track_async_url, { 'f-dbkey': view.dbkey }, function(tracks) { _.each(tracks, function(track) { view.add_drawable( object_from_template(track, view, view) ); }); diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/trackster_ui.js --- a/static/scripts/viz/trackster_ui.js +++ b/static/scripts/viz/trackster_ui.js @@ -20,7 +20,7 @@ var self = this, menu = create_icon_buttons_menu([ { icon_class: 'plus-button', title: 'Add tracks', on_click: function() { - visualization.select_datasets(select_datasets_url, add_track_async_url, view.dbkey, function(tracks) { + visualization.select_datasets(select_datasets_url, add_track_async_url, { 'f-dbkey': view.dbkey }, function(tracks) { _.each(tracks, function(track) { view.add_drawable( object_from_template(track, view, view) ); }); diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/visualization.js --- a/static/scripts/viz/visualization.js +++ b/static/scripts/viz/visualization.js 
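Review bot: `_get_region_angle` in the new `CircsterChromInteractionsTrackView` dereferences the result of `_.find` without checking it, and `render` calls it with `datum[3]`, a chromosome name read from the dataset. A name that is not in `this.chroms_layout` leaves `chrom_angle_data` undefined, the `.endAngle` access throws inside the deferred callback, and no chords are drawn for the whole track. I would return early with `if (!chrom_angle_data) { return null; }` and drop any datum whose source or target angle is null before it is added to `chord_data`. Separately, `.style("fill", '000')` is not a valid colour value; `'#000'` is presumably intended.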
@@ -3,8 +3,6 @@ /** * Model, view, and controller objects for Galaxy visualization framework. - * - * Required libraries: Backbone, jQuery * * Models have no references to views, instead using events to indicate state * changes; this is advantageous because multiple views can use the same object @@ -16,11 +14,10 @@ * track definitions are obtained from the server and the success_fn is called with the list of * definitions for selected datasets. */ -var select_datasets = function(dataset_url, add_track_async_url, dbkey, success_fn) { +var select_datasets = function(dataset_url, add_track_async_url, filters, success_fn) { $.ajax({ url: dataset_url, - // Filter by dbkey if available. - data: ( dbkey ? { 'f-dbkey': dbkey } : {} ), + data: filters, error: function() { alert( "Grid failed" ); }, success: function(table_html) { show_modal( https://bitbucket.org/galaxy/galaxy-central/changeset/6b0cc1c4f105/ changeset: 6b0cc1c4f105 user: jgoecks date: 2012-10-23 17:09:19 summary: Automated merge affected #: 34 files diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/admin/statistics.mako --- a/templates/webapps/community/admin/statistics.mako +++ b/templates/webapps/community/admin/statistics.mako 
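Review bot: `select_datasets` now sends `filters` as-is, and the two callers updated in this changeset (tracks.js and trackster_ui.js) always pass `{ 'f-dbkey': view.dbkey }`, so the previous "filter by dbkey if available" guard is gone. When `view.dbkey` is unset the request likely still carries an empty `f-dbkey` parameter, which may filter the grid differently from sending no filter at all. Either keep the guard at the call sites, `view.dbkey ? { 'f-dbkey': view.dbkey } : {}`, or state in the function's doc comment that `filters` must omit unset keys.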
@@ -16,35 +16,35 @@ </tr><tr><td>Total repositories</td> - <td>${trans.app.shed_counter.repositories}</td> + <td>${trans.app.shed_counter.repositories | h}</td></tr><tr><td>Empty repositories</td> - <td>${trans.app.shed_counter.new_repositories}</td> + <td>${trans.app.shed_counter.new_repositories | h}</td></tr><tr><td>Deleted repositories</td> - <td>${trans.app.shed_counter.deleted_repositories}</td> + <td>${trans.app.shed_counter.deleted_repositories | h}</td></tr><tr><td>Valid tools</td> - <td>${trans.app.shed_counter.valid_tools}</td> + <td>${trans.app.shed_counter.valid_tools | h}</td></tr><tr><td>Invalid tools</td> - <td>${trans.app.shed_counter.invalid_tools}</td> + <td>${trans.app.shed_counter.invalid_tools | h}</td></tr><tr><td>Workflows</td> - <td>${trans.app.shed_counter.workflows}</td> + <td>${trans.app.shed_counter.workflows | h}</td></tr><tr><td>Proprietary datatypes</td> - <td>${trans.app.shed_counter.proprietary_datatypes}</td> + <td>${trans.app.shed_counter.proprietary_datatypes | h}</td></tr><tr><td>Total clones</td> - <td>${trans.app.shed_counter.total_clones}</td> + <td>${trans.app.shed_counter.total_clones | h}</td></tr></table></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/base_panels.mako --- a/templates/webapps/community/base_panels.mako +++ b/templates/webapps/community/base_panels.mako @@ -50,10 +50,10 @@ ${menu_item[0]} %elif len ( menu_item ) == 2: <% name, link = menu_item %> - <a href="${link}">${name}</a> + <a href="${link}">${name | h}</a> %else: <% name, link, target = menu_item %> - <a target="${target}" href="${link}">${name}</a> + <a target="${target}" href="${link}">${name | h}</a> %endif </li> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/create_category.mako --- a/templates/webapps/community/category/create_category.mako 
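Review bot: In the base_panels.mako hunk only the link text gets `| h`; `${link}` and `${target}` are still written into the `href` and `target` attributes unfiltered, and the one-element case `${menu_item[0]}` stays raw. If these values are static menu definitions that is harmless, and `${menu_item[0]}` may be intentional markup, but any value that can carry user-influenced text needs the same filter in attribute position, e.g. `<a target="${target | h}" href="${link | h}">${name | h}</a>`. Because the filter is applied expression by expression, anything missed stays unescaped; adding `h` to Mako's `default_filters` on the template lookup, and opting out only where markup is intended, would make escaping the default.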
+++ b/templates/webapps/community/category/create_category.mako @@ -20,11 +20,11 @@ <form name="create_category_form" id="create_category_form" action="${h.url_for( action='create_category' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_category_button" value="Save"/> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/edit_category.mako --- a/templates/webapps/community/category/edit_category.mako +++ b/templates/webapps/community/category/edit_category.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${category.name}" size="40"/> + <input type="text" name="name" value="${category.name | h}" size="40"/></div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${category.description}" size=40"/> + <input name="description" type="textfield" value="${category.description | h}" size=40"/></div><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/grid.mako --- a/templates/webapps/community/category/grid.mako +++ b/templates/webapps/community/category/grid.mako 
@@ -14,13 +14,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/valid_grid.mako --- a/templates/webapps/community/category/valid_grid.mako +++ b/templates/webapps/community/category/valid_grid.mako @@ -13,13 +13,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako 
@@ -1,3 +1,11 @@ +<%def name="escape_html_add_breaks( value )"> + <% + import markupsafe + value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) + %> + ${value} +</%def> + <%def name="render_star_rating( name, rating, disabled=False )"><% if disabled: @@ -15,7 +23,6 @@ </%def><%def name="render_readme( readme_text )"> - <% readme_text = readme_text.replace( '\n', '<br/>' ) %><style type="text/css"> #readme_table{ table-layout:fixed; width:100%; @@ -31,7 +38,7 @@ <div class="toolFormBody"><div class="form-row"><table id="readme_table"> - <tr><td>${readme_text}</td></tr> + <tr><td>${ escape_html_add_breaks( readme_text ) }</td></tr></table></div></div> @@ -39,7 +46,6 @@ </%def><%def name="render_long_description( description_text )"> - <% description_text = description_text.replace( '\n', '<br/>' ) %><style type="text/css"> #description_table{ table-layout:fixed; width:100%; @@ -53,7 +59,7 @@ <div class="form-row"><label>Detailed description:</label><table id="description_table"> - <tr><td>${description_text}</td></tr> + <tr><td>${ escape_html_add_breaks( description_text ) }</td></tr></table><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/common/view_readme.mako --- a/templates/webapps/community/common/view_readme.mako +++ b/templates/webapps/community/common/view_readme.mako 
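Review bot: `escape_html_add_breaks` wraps the escaped value in `str( ... )`, which under Python 2 (genome.py in this changeset uses `sys.maxint`) encodes with the ASCII codec, so a README or description containing any non-ASCII character raises `UnicodeEncodeError` while the page renders. `value = unicode( markupsafe.escape( value ) ).replace( u'\n', u'<br/>' )` keeps the conversion to a plain string, which is needed so `replace` does not re-escape the `<br/>`, without the encoding step. The final `${value}` has to stay unfiltered for the tags to survive, so I would add a template comment next to it, `## value is already escaped above; do not add | h here`.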
@@ -40,7 +40,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/index.mako --- a/templates/webapps/community/index.mako +++ b/templates/webapps/community/index.mako @@ -39,7 +39,7 @@ <%def name="left_panel()"><% can_review_repositories = trans.app.security_agent.user_can_review_repositories( trans.user ) %><div class="unified-panel-header" unselectable="on"> - <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools} valid tools on ${trans.app.shed_counter.generation_time}</div> + <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools | h} valid tools on ${trans.app.shed_counter.generation_time | h}</div></div><div class="page-container" style="padding: 10px;"><div class="toolMenu"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/browse_invalid_tools.mako --- a/templates/webapps/community/repository/browse_invalid_tools.mako +++ b/templates/webapps/community/repository/browse_invalid_tools.mako 
@@ -24,9 +24,9 @@ ${invalid_tool_config} </a></td> - <td>${repository_name}</td> - <td>${repository_owner}</td> - <td>${changeset_revision}</td> + <td>${repository_name | h}</td> + <td>${repository_owner | h}</td> + <td>${changeset_revision | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/browse_repository.mako --- a/templates/webapps/community/repository/browse_repository.mako +++ b/templates/webapps/community/repository/browse_repository.mako @@ -101,7 +101,7 @@ %if can_browse_contents: <div class="toolForm"> - <div class="toolFormTitle">Browse ${repository.name} revision ${repository.tip} (repository tip)</div> + <div class="toolFormTitle">Browse ${repository.name | h} revision ${repository.tip | h} (repository tip)</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -124,7 +124,7 @@ <label>Message:</label><div class="form-row-input"> %if commit_message: - <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> + <textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/common.mako --- a/templates/webapps/community/repository/common.mako +++ b/templates/webapps/community/repository/common.mako @@ -126,9 +126,9 @@ type = requirements_dict[ 'type' ] %><tr> - <td>${name}</td> - <td>${version}</td> - <td>${type}</td> + <td>${name | h}</td> + <td>${version | h}</td> + <td>${type | h}</td></tr> %endif %endfor 
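Review bot: In the browse_invalid_tools.mako hunk the link text `${invalid_tool_config}` is left unescaped while the three cells after it gain `| h`, and the same expression in repository/common.mako is changed to `${invalid_tool_config | h}` later in this changeset. The value looks like a file name taken from repository contents, so it should get the same treatment here: `${invalid_tool_config | h}`. The enclosing `<a>` element starts outside the hunk.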
@@ -154,8 +154,8 @@ <% environment_settings = tool_dependencies[ 'set_environment' ] %> %for requirements_dict in environment_settings: <tr> - <td>${requirements_dict[ 'name' ]}</td> - <td>${requirements_dict[ 'type' ]}</td> + <td>${requirements_dict[ 'name' ] | h}</td> + <td>${requirements_dict[ 'type' ] | h}</td></tr> %endfor </table> @@ -190,8 +190,8 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_tool_metadata', repository_id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, tool_id=tool_dict[ 'id' ] )}">View tool metadata</a></div></td> - <td>${tool_dict[ 'description' ]}</td> - <td>${tool_dict[ 'version' ]}</td> + <td>${tool_dict[ 'description' ] | h}</td> + <td>${tool_dict[ 'version' ] | h}</td><td><% if 'requirements' in tool_dict: @@ -206,7 +206,7 @@ requirements_str += '%s (%s), ' % ( requirement_dict[ 'name' ], requirement_dict[ 'type' ] ) requirements_str = requirements_str.rstrip( ', ' ) %> - ${requirements_str} + ${requirements_str | h} %else: none %endif @@ -233,7 +233,7 @@ <tr><td><a class="view-info" href="${h.url_for( controller='repository', action='load_invalid_tool', repository_id=trans.security.encode_id( repository.id ), tool_config=invalid_tool_config, changeset_revision=changeset_revision )}"> - ${invalid_tool_config} + ${invalid_tool_config | h} </a></td></tr> @@ -274,7 +274,7 @@ %><tr><td> - <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name}</a> + <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name | h}</a></td><td> %if steps: @@ -283,8 +283,8 @@ unknown %endif </td> - <td>${format_version}</td> - <td>${annotation}</td> + <td>${format_version | h}</td> + <td>${annotation | h}</td></tr> %endfor </table> 
@@ -317,10 +317,10 @@ subclass = datatypes_dict.get( 'subclass', ' ' ) %><tr> - <td>${extension}</td> - <td>${dtype}</td> - <td>${mimetype}</td> - <td>${subclass}</td> + <td>${extension | h}</td> + <td>${dtype | h}</td> + <td>${mimetype | h}</td> + <td>${subclass | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/contact_owner.mako --- a/templates/webapps/community/repository/contact_owner.mako +++ b/templates/webapps/community/repository/contact_owner.mako @@ -50,7 +50,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_download: <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), changeset_revision=repository.tip, file_type='gz' )}">Download as a .tar.gz file</a> @@ -66,7 +66,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Contact the owner of the repository named '${repository.name}'</div> + <div class="toolFormTitle">Contact the owner of the repository named '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"> This feature is intended to streamline appropriate communication between diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/create_repository.mako --- a/templates/webapps/community/repository/create_repository.mako 
+++ b/templates/webapps/community/repository/create_repository.mako @@ -20,18 +20,18 @@ <form name="create_repository_form" id="create_repository_form" action="${h.url_for( controller='repository', action='create_repository' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size="40"/> + <input name="name" type="textfield" value="${name | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -43,9 +43,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/find_tools.mako --- a/templates/webapps/community/repository/find_tools.mako +++ b/templates/webapps/community/repository/find_tools.mako 
@@ -35,17 +35,17 @@ <form name="find_tools" id="find_tools" action="${h.url_for( controller='repository', action='find_tools' )}" method="post" ><div class="form-row"><label>Tool id:</label> - <input name="tool_id" type="textfield" value="${tool_id}" size="40"/> + <input name="tool_id" type="textfield" value="${tool_id | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool name:</label> - <input name="tool_name" type="textfield" value="${tool_name}" size="40"/> + <input name="tool_name" type="textfield" value="${tool_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool version:</label> - <input name="tool_version" type="textfield" value="${tool_version}" size="40"/> + <input name="tool_version" type="textfield" value="${tool_version | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/find_workflows.mako --- a/templates/webapps/community/repository/find_workflows.mako +++ b/templates/webapps/community/repository/find_workflows.mako @@ -34,7 +34,7 @@ <div style="clear: both"></div><div class="form-row"><label>Workflow name:</label> - <input name="workflow_name" type="textfield" value="${workflow_name}" size="40"/> + <input name="workflow_name" type="textfield" value="${workflow_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/manage_repository.mako --- a/templates/webapps/community/repository/manage_repository.mako +++ b/templates/webapps/community/repository/manage_repository.mako 
@@ -82,7 +82,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -137,7 +137,7 @@ <p/> %endif <div class="toolForm"> - <div class="toolFormTitle">Repository '${repository.name}'</div> + <div class="toolFormTitle">Repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_repository" id="edit_repository" action="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ) )}" method="post" > %if can_download: @@ -151,7 +151,7 @@ %if repository.times_downloaded > 0: ${repository.name} %else: - <input name="repo_name" type="textfield" value="${repository.name}" size="40"/> + <input name="repo_name" type="textfield" value="${repository.name | h}" size="40"/> %endif <div class="toolParamHelp" style="clear: both;"> Repository names cannot be changed if the repository has been cloned. 
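Review bot: In hunk -151 of manage_repository.mako the read-only branch, `%if repository.times_downloaded > 0:` followed by `${repository.name}`, still prints the repository name without a filter; only the `<input>` in the `%else:` branch gains `| h`. Both branches render the same owner-supplied value, and the unescaped one is what every visitor sees once the repository has been cloned. Change that line to `${repository.name | h}` so the two branches agree. The enclosing form starts and ends outside this hunk.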
@@ -160,13 +160,13 @@ </div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -175,27 +175,27 @@ <div class="form-row"><label>Revision:</label> %if can_view_change_log: - <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> + <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label | h}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> - ${repository.times_downloaded} + ${repository.times_downloaded | h} </div> %if is_admin: <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> - ${repository.deleted} + ${repository.deleted | h} </div> %endif <div class="form-row"> 
@@ -215,9 +215,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> @@ -258,14 +258,14 @@ <div class="toolFormBody"><table class="grid"><tr> - <td>${repository.user.username}</td> + <td>${repository.user.username | h}</td><td>owner</td><td> </td></tr> %for username in current_allow_push_list: %if username != repository.user.username: <tr> - <td>${username}</td> + <td>${username | h}</td><td>write</td><td><a class="action-button" href="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ), user_access_button='Remove', remove_auth=username )}">remove</a></tr> @@ -295,7 +295,7 @@ <div class="toolFormBody"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -329,9 +329,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/preview_tools_in_changeset.mako --- a/templates/webapps/community/repository/preview_tools_in_changeset.mako +++ b/templates/webapps/community/repository/preview_tools_in_changeset.mako 
@@ -53,7 +53,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Repository ${repository.name}</div> + <div class="toolFormTitle">Repository ${repository.name | h}</div><div class="toolFormBody"> %if len( changeset_revision_select_field.options ) > 1: <form name="change_revision" id="change_revision" action="${h.url_for( controller='repository', action='preview_tools_in_changeset', repository_id=trans.security.encode_id( repository.id ) )}" method="post" > @@ -64,7 +64,7 @@ else: tip_str = '' %> - ${changeset_revision_select_field.get_html()} <i>${tip_str}</i> + ${changeset_revision_select_field.get_html()} <i>${tip_str | h}</i><div class="toolParamHelp" style="clear: both;"> Select a revision to inspect and download versions of tools from this repository. </div> @@ -73,7 +73,7 @@ %else: <div class="form-row"><label>Revision:</label> - ${revision_label} + ${revision_label | h} </div> %endif </div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/rate_repository.mako --- a/templates/webapps/community/repository/rate_repository.mako +++ b/templates/webapps/community/repository/rate_repository.mako @@ -91,7 +91,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> 
@@ -107,7 +107,7 @@ %if repository.user != trans.user: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -117,17 +117,17 @@ <div class="toolFormBody"><div class="form-row"><label>Description:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"><label>Version:</label> - ${repository.revision} + ${repository.revision | h} <div style="clear: both"></div></div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div></div> @@ -139,7 +139,7 @@ <form id="rate_repository" name="rate_repository" action="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}" method="post"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -162,7 +162,7 @@ <label>Review:</label> %if rra and rra.comment: <div class="form-row-input"> - <pre><textarea name="comment" rows="5" cols="80">${rra.comment}</textarea></pre> + <pre><textarea name="comment" rows="5" cols="80">${rra.comment | h}</textarea></pre></div> %else: <div class="form-row-input"> @@ -202,9 +202,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/tool_form.mako --- a/templates/webapps/community/repository/tool_form.mako +++ b/templates/webapps/community/repository/tool_form.mako 
@@ -177,8 +177,8 @@ %endif %if tool: - <div class="toolForm" id="${tool.id}"> - <div class="toolFormTitle">${tool.name} (version ${tool.version})</div> + <div class="toolForm" id="${tool.id | h}"> + <div class="toolFormTitle">${tool.name | h} (version ${tool.version | h})</div><div class="toolFormBody"><form id="tool_form" name="tool_form" action="" method="get"><input type="hidden" name="tool_state" value="${util.object_to_string( tool_state.encode( tool, app ) )}"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/upload.mako --- a/templates/webapps/community/repository/upload.mako +++ b/templates/webapps/community/repository/upload.mako @@ -82,7 +82,7 @@ <div class="form-row"><label>Url:</label><div class="form-row-input"> - <input name="url" type="textfield" value="${url}" size="40"/> + <input name="url" type="textfield" value="${url | h}" size="40"/></div><div class="toolParamHelp" style="clear: both;"> Enter a URL to upload your files via http. @@ -141,7 +141,7 @@ <label>Change set commit message:</label><div class="form-row-input"> %if commit_message: - <pre><textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea></pre> + <pre><textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea></pre> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_changelog.mako --- a/templates/webapps/community/repository/view_changelog.mako +++ b/templates/webapps/community/repository/view_changelog.mako @@ -78,7 +78,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> 
@@ -95,7 +95,7 @@ else: title_str = '%s changesets' % repository.name %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><% test_date = None %><div class="toolFormBody"><table class="grid"> @@ -128,23 +128,23 @@ %endif <div class="form-row"><label>Description:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ]}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ] | h}</a></div><div class="form-row"><label>Commit:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str | h}</a></div><div class="form-row"><label>Parent:</label> %if ctx_parent_str == 'None': ${ctx_parent_str} %else: - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str | h}</a> %endif </div><div class="form-row"><label>Commited by:</label> - ${changeset[ 'user' ].split()[0]} + ${changeset[ 'user' ].split()[0] | h} </div><div class="form-row"><label>Pushed:</label> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_changeset.mako --- a/templates/webapps/community/repository/view_changeset.mako +++ b/templates/webapps/community/repository/view_changeset.mako 
@@ -82,7 +82,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -99,7 +99,7 @@ else: title_str = '%s changeset %s' % ( repository.name, ctx ) %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><div class="toolFormBody"><table class="grid"> %if modified: @@ -107,7 +107,7 @@ <td><b>modified:</b> %for item in modified: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -117,7 +117,7 @@ <td><b>added:</b> %for item in added: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -127,7 +127,7 @@ <td><b>removed:</b> %for item in removed: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -137,7 +137,7 @@ <td><b>deleted:</b> %for item in deleted: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -147,7 +147,7 @@ <td><b>unknown:</b> %for item in unknown: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor }</td></tr> @@ -157,7 +157,7 @@ <td><b>ignored:</b> %for item in ignored: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -167,7 +167,7 @@ <td> clean: %for item in clean: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -177,7 +177,6 @@ # Read at most the first 10 lines of diff to determine the anchor ctr = 0 lines = diff.split( '\n' ) - diff = diff.replace( '\n', '<br/>' ) anchor_str = '' for line in lines: if ctr > 9: 
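Review bot: The `href` in `<a href="#${item}">${item | h}</a>` still interpolates `item` unescaped, so only the link text is protected and the attribute value is not. This applies to all seven loops in view_changeset.mako (modified, added, removed, deleted, unknown, ignored and clean; hunks -107 through -167). `item` appears to be a path taken from the changeset, which makes it repository-controlled input. Apply the filter in both places: `<br/><a href="#${item | h}">${item | h}</a>`. The matching anchor targets are written through `${anchor_str}`, which is built outside these hunks, so encode the fragment and the anchor name the same way to keep the in-page links working.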
@@ -189,7 +188,7 @@ ctr += 1 %><tr><td bgcolor="#E0E0E0">${anchor_str}</td></tr> - <tr><td>${diff}</td></tr> + <tr><td>${ escape_html_add_breaks( diff ) }</td></tr> %endfor </table></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_repository.mako --- a/templates/webapps/community/repository/view_repository.mako +++ b/templates/webapps/community/repository/view_repository.mako @@ -143,12 +143,12 @@ %if can_browse_contents: <a href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${repository.name}</a> %else: - ${repository.name} + ${repository.name | h} %endif </div><div class="form-row"><label>Synopsis:</label> - ${repository.description} + ${repository.description | h} </div> %if repository.long_description: ${render_long_description( repository.long_description )} @@ -158,12 +158,12 @@ %if can_view_change_log: <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> @@ -172,7 +172,7 @@ %if trans.user_is_admin(): <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> @@ -189,7 +189,7 @@ <div class="toolFormBody"> %for rca in repository.categories: <div class="form-row"> - ${rca.category.name} + ${rca.category.name | h} </div> %endfor <div style="clear: both"></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_tool_metadata.mako --- a/templates/webapps/community/repository/view_tool_metadata.mako 
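Review bot: `${anchor_str}` on the row directly above the changed line in hunk -189 of view_changeset.mako is still emitted without a filter, while the diff body beside it now goes through `escape_html_add_breaks`. `anchor_str` is derived from the first lines of the same diff text; the loop that builds it is in the previous hunk and only partly visible, so this is inferred. If it is plain text, use `${anchor_str | h}`; if it deliberately carries anchor markup, escape the file name where the string is assembled. The hunk also does not show where `escape_html_add_breaks` is defined or imported, so confirm the template brings it into scope.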
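Review bot: In view_repository.mako the linked branches are left unescaped: `...>${repository.name}</a>` under `%if can_browse_contents:` (hunk -143) and `...>${revision_label}</a>` under `%if can_view_change_log:` (hunk -158) still print the raw value, while only the `%else:` branches gain `| h`. Both branches render the same data, so the filter belongs on both: `${repository.name | h}</a>` and `${revision_label | h}</a>`. manage_repository.mako in this same commit already writes `${revision_label | h}` inside its link, so this also makes the two templates consistent.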
+++ b/templates/webapps/community/repository/view_tool_metadata.mako @@ -140,35 +140,35 @@ %if 'description' in tool_metadata_dict: <div class="form-row"><label>Description:</label> - ${tool_metadata_dict[ 'description' ]} + ${tool_metadata_dict[ 'description' ] | h} <div style="clear: both"></div></div> %endif %if 'id' in tool_metadata_dict: <div class="form-row"><label>Id:</label> - ${tool_metadata_dict[ 'id' ]} + ${tool_metadata_dict[ 'id' ] | h} <div style="clear: both"></div></div> %endif %if 'guid' in tool_metadata_dict: <div class="form-row"><label>Guid:</label> - ${tool_metadata_dict[ 'guid' ]} + ${tool_metadata_dict[ 'guid' ] | h} <div style="clear: both"></div></div> %endif %if 'version' in tool_metadata_dict: <div class="form-row"><label>Version:</label> - ${tool_metadata_dict[ 'version' ]} + ${tool_metadata_dict[ 'version' ] | h} <div style="clear: both"></div></div> %endif %if 'version_string_cmd' in tool_metadata_dict: <div class="form-row"><label>Version command string:</label> - ${tool_metadata_dict[ 'version_string_cmd' ]} + ${tool_metadata_dict[ 'version_string_cmd' ] | h} <div style="clear: both"></div></div> %endif @@ -184,9 +184,9 @@ <tr><td> %if guid == tool_metadata_dict[ 'guid' ]: - ${guid} <b>(this tool)</b> + ${guid | h} <b>(this tool)</b> %else: - ${guid} + ${guid | h} %endif </td></tr> @@ -224,9 +224,9 @@ requirement_type = requirement_dict[ 'type' ] or 'not provided' %><tr> - <td>${requirement_name}</td> - <td>${requirement_version}</td> - <td>${requirement_type}</td> + <td>${requirement_name | h}</td> + <td>${requirement_version | h}</td> + <td>${requirement_type | h}</td></tr> %endfor </table> 
@@ -245,27 +245,27 @@ </div><div class="form-row"><label>Command:</label> - <pre>${tool.command}</pre> + <pre>${tool.command | h}</pre><div style="clear: both"></div></div><div class="form-row"><label>Interpreter:</label> - ${tool.interpreter} + ${tool.interpreter | h} <div style="clear: both"></div></div><div class="form-row"><label>Is multi-byte:</label> - ${tool.is_multi_byte} + ${tool.is_multi_byte | h} <div style="clear: both"></div></div><div class="form-row"><label>Forces a history refresh:</label> - ${tool.force_history_refresh} + ${tool.force_history_refresh | h} <div style="clear: both"></div></div><div class="form-row"><label>Parallelism:</label> - ${tool.parallelism} + ${tool.parallelism | h} <div style="clear: both"></div></div> %endif @@ -299,17 +299,17 @@ <td>${test_dict[ 'name' ]}</td><td> %for input in inputs: - <b>${input[0]}:</b> ${input[1]}<br/> + <b>${input[0]}:</b> ${input[1] | h}<br/> %endfor </td><td> %for output in outputs: - <b>${output[0]}:</b> ${output[1]}<br/> + <b>${output[0]}:</b> ${output[1] | h}<br/> %endfor </td><td> %for required_file in required_files: - ${required_file}<br/> + ${required_file | h}<br/> %endfor </td></tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_workflow.mako --- a/templates/webapps/community/repository/view_workflow.mako +++ b/templates/webapps/community/repository/view_workflow.mako @@ -96,7 +96,7 @@ ${render_msg( message, status )} %endif -<div class="toolFormTitle">${workflow_name}</div> +<div class="toolFormTitle">${workflow_name | h}</div><div class="form-row"><b>Boxes are red when tools are not available in this repository</b><div class="toolParamHelp" style="clear: both;"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/browse_review.mako --- a/templates/webapps/community/repository_review/browse_review.mako 
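Review bot: In hunk -299 of view_tool_metadata.mako the labels stay unescaped: `<td>${test_dict[ 'name' ]}</td>`, `<b>${input[0]}:</b>` and `<b>${output[0]}:</b>` are written raw, while the values beside them now get `| h`. These names presumably come from the same uploaded tool test definition as the values, so they deserve the same treatment. Suggested lines: `<td>${test_dict[ 'name' ] | h}</td>`, `<b>${input[0] | h}:</b> ${input[1] | h}<br/>` and `<b>${output[0] | h}:</b> ${output[1] | h}<br/>`. The loop over the tests begins outside this hunk.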
+++ b/templates/webapps/community/repository_review/browse_review.mako @@ -34,7 +34,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Review of repository '${repository.name}'</div> + <div class="toolFormTitle">Review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Reviewer:</label> @@ -43,17 +43,17 @@ </div><div class="form-row"><label>Repository revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -70,11 +70,10 @@ # Initialize star rating. rating_name = '%s%srating' % ( component.name, STRSEP ) - review_comment = component_review.comment.replace( '\n', '<br/>' ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -93,7 +92,7 @@ <tr><td><div overflow-wrap:normal;overflow:hidden;word-break:keep-all;word-wrap:break-word;line-break:strict;> - ${review_comment} + ${ escape_html_add_breaks( component_review.comment ) } </div></td></tr> 
@@ -101,7 +100,7 @@ <tr><td><label>Approved:</label> - ${component_review.approved} + ${component_review.approved | h} <div style="clear: both"></div></td></tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/create_component.mako --- a/templates/webapps/community/repository_review/create_component.mako +++ b/templates/webapps/community/repository_review/create_component.mako @@ -20,11 +20,11 @@ <form name="create_component" id="create_component" action="${h.url_for( controller='repository_review', action='create_component' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_component_button" value="Save"/> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/edit_component.mako --- a/templates/webapps/community/repository_review/edit_component.mako +++ b/templates/webapps/community/repository_review/edit_component.mako 
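Review bot: The rewritten inputs in hunk -20 of create_component.mako keep the malformed attribute `size=40"/>`, which has a closing quote without an opening one. Since the lines are being touched for the escaping fix, correct the markup at the same time: `<input name="name" type="textfield" value="${name | h}" size="40"/>`, and likewise for the description field. The same `size=40"` survives on the changed line in edit_component.mako (hunk -12). A stray quote next to an interpolated `value` attribute makes parsing of that tag depend on browser error recovery, which is worth avoiding in templates that render user input.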
@@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${component.name} + ${component.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${component.description}" size=40"/> + <input name="description" type="textfield" value="${component.description | h}" size=40"/></div><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/edit_review.mako --- a/templates/webapps/community/repository_review/edit_review.mako +++ b/templates/webapps/community/repository_review/edit_review.mako @@ -35,7 +35,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">My review of repository '${repository.name}'</div> + <div class="toolFormTitle">My review of repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_review" action="${h.url_for( controller='repository_review', action='edit_review', id=trans.security.encode_id( review.id ) )}" method="post" ><div class="form-row"> @@ -45,12 +45,12 @@ </div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -108,8 +108,8 @@ review_button_name = '%s%sreview_button' % ( component_name, STRSEP ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> 
@@ -128,7 +128,7 @@ <td><label>Comments:</label> %if component_review: - <pre><textarea name="${comment_name}" rows="3" cols="80">${comment}</textarea></pre> + <pre><textarea name="${comment_name}" rows="3" cols="80">${comment | h}</textarea></pre> %else: <textarea name="${comment_name}" rows="3" cols="80"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/reviews_of_changeset_revision.mako --- a/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako +++ b/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako @@ -73,16 +73,16 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Revision reviews of repository '${repository.name}'</div> + <div class="toolFormTitle">Revision reviews of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Revision is installable:</label> - ${installable_str} + ${installable_str | h} <div style="clear: both"></div></div><div class="form-row"> 
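Review bot: The attribute `name="${comment_name}"` on both `<textarea>` lines in hunk -128 of edit_review.mako is still unescaped; only the element body gets `| h`. `comment_name` is assigned outside this hunk, but the sibling `review_button_name` in hunk -108 is formatted from the component name and `STRSEP`, so it is probably built the same way from a value entered on the create-component form. Use `name="${comment_name | h}"` on both lines. The browser decodes the entity before submitting, so the posted field name is unchanged.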
@@ -109,7 +109,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"> %if review.user == trans.user: @@ -126,7 +126,7 @@ <td><input type="submit" name="approve_repository_review_button" value="Save"/></td></form> %else: - <td>${approved_str}</td> + <td>${approved_str | h}</td><td></td> %endif </tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/reviews_of_repository.mako --- a/templates/webapps/community/repository_review/reviews_of_repository.mako +++ b/templates/webapps/community/repository_review/reviews_of_repository.mako @@ -55,7 +55,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> 
@@ -68,7 +68,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">${title}</div> + <div class="toolFormTitle">${title | h}</div><div class="toolFormBody"><div class="form-row"><table class="grid"> @@ -102,7 +102,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${changeset_revision}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a></div><div popupmenu="${changeset_revision}-popup"> %if repository_reviews: @@ -113,7 +113,7 @@ </div></td><td>${reviewers_str}</td> - <td>${installable_str}</td> + <td>${installable_str | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/select_previous_review.mako --- a/templates/webapps/community/repository_review/select_previous_review.mako +++ b/templates/webapps/community/repository_review/select_previous_review.mako 
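Review bot: `<td>${reviewers_str}</td>` stays unfiltered in the last hunk of this file, while `${installable_str | h}` in the next cell is escaped. How `reviewers_str` is built is not visible here; if it is a plain join of reviewer usernames it needs the same filter, `<td>${reviewers_str | h}</td>`. If it deliberately contains markup, the usernames have to be escaped where the string is assembled, and the expression is better marked `| n` with a comment saying so. The `%for` loop around this row starts outside the hunk.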
@@ -67,23 +67,23 @@ %endif <div class="warningmessage"> - You have elected to create a new review for revision <b>${changeset_revision_label}</b>of this repository. Since previous revisions have been reviewed, + You have elected to create a new review for revision <b>${changeset_revision_label | h}</b>of this repository. Since previous revisions have been reviewed, you can select a previous review to copy to your new review, or click the <b>Create a review without copying</b> button. </div><div class="toolForm"> - <div class="toolFormTitle">Select previous revision review of repository '${repository.name}'</div> + <div class="toolFormTitle">Select previous revision review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision for new review:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><table class="grid"><tr></tr> - <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name}' that can be copied to your new review</b></td> + <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name | h}' that can be copied to your new review</b></td><tr><th>Reviewer</th><th>Revision reviewed</th> 
@@ -107,15 +107,15 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"><a class="action-button" href="${h.url_for( controller='repository_review', action='create_review', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, previous_review_id=encoded_review_id )}">Copy this review</a></div></td> - <td>${previous_changeset_revision_label}</td> + <td>${previous_changeset_revision_label | h}</td><td>${render_star_rating( repository_rating_name, review.rating, disabled=True )}</td> - <td>${approved_str}</td> + <td>${approved_str | h}</td></tr> %endfor %endfor diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/user/manage_email_alerts.mako --- a/templates/webapps/community/user/manage_email_alerts.mako +++ b/templates/webapps/community/user/manage_email_alerts.mako @@ -42,8 +42,8 @@ </tr> %for repository in email_alert_repositories: <tr> - <td>${repository.name}</td> - <td>${repository.description}</td> + <td>${repository.name | h}</td> + <td>${repository.description | h}</td></tr> %endfor </table> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.